aPersona Identity Installation

Prerequisites

Before beginning the aPersona Identity Installation, be sure you have the following prerequisites:

  1. An AWS account. (For initial testing we recommend you create a new AWS account, but this is not required. The aPersona Identity installation also comes with an uninstaller that removes everything cleanly and efficiently if needed.)

  2. An AWS account with admin rights to perform the installation. This can either be the root account if this is just for testing, or it can be a specific installer account with admin rights.

  3. A domain that you own, set up in AWS Route53 in your AWS account. (If you do not have a domain, you can purchase one from within AWS Route53 in your AWS account. If the domain that you want to use is hosted with another provider, such as GoDaddy, you can create a sub-domain in AWS Route53 instead. For example, if your third-party domain is abc123.com, create a new hosted zone in your AWS Route53 such as identity.abc123.com.)

    • In Route53 create a new public hosted zone: identity.abc123.com (note and copy all the NS records associated with your new sub-domain.)

    • In your third party/other domain account that hosts abc123.com, create an NS Record, “identity”, and paste the NS Values from your subdomain and save the record.

  4. An email account: Gmail, O365 or other. (Note: If using Gmail, ensure 2-Factor is turned on and you have an app-specific password set up.)

  1. Register your AWS account with aPersona’s hosted Adaptive Security Manager. Register Here. Simply fill in the form and submit it. (Note: In these instructions, your installation will be interfaced with aPersona’s hosted Adaptive MFA service running on AWS in aPersona’s AWS account. It is certainly possible for customers to run their own copy of aPersona’s ASM Service in their own AWS account, but that requires some additional steps, which are not covered here. Contact aPersona support for those additional instructions.)

  2. Once you complete your aPersona AWS Account registration you will be emailed an aPersona Identity installation key.

  3. In your AWS account create a new VM that will be used for the aPersona Installation. (This VM only needs to be running when you are installing, uninstalling or updating your aPersona Identity service. Do not remove/delete it once you install. You can certainly delete it if you uninstall aPersona Identity, but keep it around if you think you will want to reinstall aPersona Identity in the future.)

    • In your AWS account navigate to EC2, and click Launch Instance.

    • Enter a name: ex. aPersona Identity Installation VM

    • Leave the default Linux AMI as Amazon Linux 2023.

    • For instance type select: t2.xlarge

    • For SSH access create a new key pair or select an existing key pair if you wish.

    • Allow SSH traffic from “your IP”.

    • Expand “Advanced Details” and click Create new IAM profile.

    • Create an aPersona Identity Installer Role:

      • Click Create a role. (This will open a new tab.)

        • Trusted entity type: AWS Service

        • Use case: EC2

        • Click Next.

        • Permissions: AdministratorAccess

        • Click Next

        • Name the role: aPersona Identity Installer (This role will only be used by the EC2 instance.)

        • Click Create Role

    • Go back to your EC2 Instance tab.

    • Click the refresh icon next to the IAM Instance Profile input field.

    • Select your new role in the IAM Instance Profile input field.

    • Click Launch Instance.

  4. Once your new instance is ready, connect to your new aPersona Identity Installation VM via SSH. (Note: The aPersona Identity Installation takes 30 to 50 minutes to complete, so it is best to connect to your EC2 instance with an SSH tool such as PuTTY instead of the AWS Connect button in the AWS portal, because that method may time out during the installation. If the install does time out for any reason, you can simply run the install script again and the installation will pick up where it left off. The installer is very resilient.)

    • Login with ID: ec2-user

    • Once logged in enter the following commands into the terminal:

      # sudo -i

      # cd /home/ec2-user

      # curl -o- https://raw.githubusercontent.com/apersona/aPersona-Identity-for-AWS-Installation/main/init_deploy.sh |bash

    • At this point the aPersona Identity installation will be copied to your VM.

    • Edit the config.sh file with your installation settings.

      # vi config.sh

    • Follow the instructions in the file and save it.

    • Run the installation: (It will take 30 to 45 min to run the installation. Review and Accept the aPersona Terms and Conditions.)

      # ./update.sh

      Note: it is normal during the install the first time to see this message: An error occurred (404) when calling the HeadObject operation: Not Found

    • During the install you will receive two emails.

      • The first email will be an invite to your new aPersona Adaptive Security Manager Admin account. This will be sent very shortly after the installation begins. You can follow the instructions in the Email and complete your aPersona ASM registration. For training on how to configure your aPersona ASM Admin account settings see our video training here: (coming soon)

      • The second email will contain your aPersona Identity Admin Portal login URL and temporary password. This email will come at the very end of the installation. If you have not received this email, then your installation has not completed. You can always re-run # ./update.sh to complete any install elements that are missing due to a time-out, and then you should receive the second email.

  5. Installation is finished!!!

    • Shut down your aPersona Installation VM. You can leave it off until you want to perform an upgrade or to do an uninstall.

    • To learn more on how to test and configure your new aPersona Identity platform, please see our video training here: coming soon

    • To get the latest updates at any time, just restart your aPersona Installation VM, log in, run # sudo -i, then run the # ./update.sh script again.

    • To uninstall, just restart your aPersona Installation VM, log in, run # sudo -i, then run the # ./uninstall.sh script.

    • Please go to our training video series for post installation configurations and customizations: (coming soon)
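
Added example, not part of the aPersona instructions or the project's own code: the download from step 4 written so that the bootstrap script lands in a file, is reviewed once, and on later fetches is run only if its SHA-256 still matches the reviewed copy. The URL is the one given in step 4; the function names, the pin file name and running the script from a file instead of a pipe are assumptions.

```shell
#!/usr/bin/env bash
# Added example (assumed workflow): pin the installer bootstrap by SHA-256.
# The script runs as root on a VM whose role has AdministratorAccess, so only
# content that was actually reviewed should reach bash.

INSTALLER_URL="https://raw.githubusercontent.com/apersona/aPersona-Identity-for-AWS-Installation/main/init_deploy.sh"

# Download to a file: HTTPS only, and fail on HTTP errors so an error page
# or truncated body is never executed.
fetch_installer() {
  local out="$1"
  curl --fail --silent --show-error --location \
       --proto '=https' --tlsv1.2 -o "$out" "$INSTALLER_URL"
}

# Print the lowercase hex SHA-256 of a file.
file_sha256() {
  sha256sum "$1" | awk '{print $1}'
}

# Succeed only if the file is non-empty and matches the pinned digest.
digest_matches() {
  local file="$1" expected="$2" actual
  [ -s "$file" ] || return 1
  case "$expected" in
    ""|*[!0-9a-fA-F]*) return 1 ;;   # reject empty or non-hex pins
  esac
  [ "${#expected}" -eq 64 ] || return 1
  actual="$(file_sha256 "$file")"
  [ "$actual" = "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" ]
}

# Run the script only when it matches the digest recorded at review time.
run_if_pinned() {
  local file="$1" expected="$2"
  if digest_matches "$file" "$expected"; then
    bash "$file"
  else
    echo "refusing to run $file: digest differs from the reviewed copy" >&2
    return 1
  fi
}

# First install (left as comments so the block itself has no side effects):
#   fetch_installer init_deploy.sh && less init_deploy.sh
#   file_sha256 init_deploy.sh > init_deploy.reviewed.sha256
# Any later fetch, for example before an update:
#   fetch_installer init_deploy.sh &&
#     run_if_pinned init_deploy.sh "$(cat init_deploy.reviewed.sha256)"
```

A mismatch on a later fetch means the upstream script changed since it was reviewed; review the new copy and record its digest before running it.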

aPersona Identity Installation Steps: